commit yast2-apparmor for openSUSE:Factory

Sat, 26 Jan 2019 13:21:17 -0800 

Hello community,

here is the log from the commit of package yast2-apparmor for openSUSE:Factory 
checked in at 2019-01-26 22:20:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-apparmor.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-apparmor"

Sat Jan 26 22:20:52 2019 rev:73 rq:668378 version:4.1.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-apparmor/yast2-apparmor.changes    
2019-01-24 14:00:36.224243801 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-apparmor.new.28833/yast2-apparmor.changes 
2019-01-26 22:21:01.938922857 +0100
@@ -1,0 +2,7 @@
+Thu Jan 24 12:39:46 UTC 2019 - Stefan Hundhammer <[email protected]>
+
+- Adapted aa-status parser to new output format to prevent crash
+  (bsc#1121274)
+- 4.1.5
+
+-------------------------------------------------------------------

Old:
----
  yast2-apparmor-4.1.4.tar.bz2

New:
----
  yast2-apparmor-4.1.5.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-apparmor.spec ++++++
--- /var/tmp/diff_new_pack.Jrox6Q/_old  2019-01-26 22:21:03.678921447 +0100
+++ /var/tmp/diff_new_pack.Jrox6Q/_new  2019-01-26 22:21:03.682921444 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-apparmor
-Version:        4.1.4
+Version:        4.1.5
 Release:        0
 Summary:        YaST2 - Plugins for AppArmor Profile Management
 License:        GPL-2.0-only
@@ -31,6 +31,11 @@
 Requires:       yast2 > 3.3.2
 Requires:       yast2-ruby-bindings >= 1.0.0
 
+# New JSON output format in aa-status; upstream change:
+# aa-status: split profile from exec name
+# bsc#1121274 / PR#35
+Conflicts:      apparmor-utils < 2.13
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 

++++++ yast2-apparmor-4.1.4.tar.bz2 -> yast2-apparmor-4.1.5.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-apparmor-4.1.4/package/yast2-apparmor.changes 
new/yast2-apparmor-4.1.5/package/yast2-apparmor.changes
--- old/yast2-apparmor-4.1.4/package/yast2-apparmor.changes     2019-01-14 
14:56:14.000000000 +0100
+++ new/yast2-apparmor-4.1.5/package/yast2-apparmor.changes     2019-01-24 
16:29:16.000000000 +0100
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Thu Jan 24 12:39:46 UTC 2019 - Stefan Hundhammer <[email protected]>
+
+- Adapted aa-status parser to new output format to prevent crash
+  (bsc#1121274)
+- 4.1.5
+
+-------------------------------------------------------------------
 Mon Jan 14 07:41:58 CST 2019 - [email protected]
 
 - Use exit status of the executed program and present appropriate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-apparmor-4.1.4/package/yast2-apparmor.spec 
new/yast2-apparmor-4.1.5/package/yast2-apparmor.spec
--- old/yast2-apparmor-4.1.4/package/yast2-apparmor.spec        2019-01-14 
14:56:14.000000000 +0100
+++ new/yast2-apparmor-4.1.5/package/yast2-apparmor.spec        2019-01-24 
16:29:16.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-apparmor
-Version:        4.1.4
+Version:        4.1.5
 Release:        0
 Summary:        YaST2 - Plugins for AppArmor Profile Management
 Url:            https://github.com/yast/yast-apparmor
@@ -31,6 +31,11 @@
 Requires:       yast2 > 3.3.2
 Requires:       yast2-ruby-bindings >= 1.0.0
 
+# New JSON output format in aa-status; upstream change:
+# aa-status: split profile from exec name
+# bsc#1121274 / PR#35
+Conflicts:     apparmor-utils < 2.13
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-apparmor-4.1.4/src/lib/apparmor/profiles.rb 
new/yast2-apparmor-4.1.5/src/lib/apparmor/profiles.rb
--- old/yast2-apparmor-4.1.4/src/lib/apparmor/profiles.rb       2019-01-14 
14:56:14.000000000 +0100
+++ new/yast2-apparmor-4.1.5/src/lib/apparmor/profiles.rb       2019-01-24 
16:29:16.000000000 +0100
@@ -48,7 +48,7 @@
     end
 
     def to_s
-      @name + ', ' + @status + ', ' + @pid
+      "#{@name}, #{@status}, #{@pid}"
     end
 
     def to_array
@@ -77,22 +77,15 @@
 
   # Class representing a list of profiles
   class Profiles
+    include Yast::Logger
     attr_reader :prof
     def initialize
-      status_output = command_output("/usr/sbin/aa-status", "--json")
-
-      jtext = JSON.parse(status_output)
-      h = jtext['profiles']
       @prof = {}
-      h.each do |name, status|
-        @prof[name] = Profile.new(name, status)
-      end
-      h = jtext['processes']
-      h.each do |name, pidmap|
-        pidmap.each do |p|
-          @prof[name].addPid(p['pid'])
-        end
-      end
+      status_output = command_output("/usr/sbin/aa-status", "--pretty-json")
+      log.info("aa-status output:\n#{status_output}\n")
+      jtext = JSON.parse(status_output)
+      add_profiles(jtext["profiles"])
+      add_processes(jtext["processes"])
     end
 
     def active
@@ -110,6 +103,68 @@
 
   private
 
+    # Add all profiles from the "profiles" section of the parsed JSON output of
+    # the aa-status command.
+    #
+    # Sample JSON:
+    #
+    #  "profiles": {
+    #      "/usr/bin/lessopen.sh": "enforce",
+    #      "/usr/lib/colord": "enforce",
+    #      "/usr/{bin,sbin}/dnsmasq": "enforce",
+    #      "nscd": "enforce",
+    #      "ntpd": "enforce",
+    #      "syslogd": "enforce",
+    #      "traceroute": "enforce",
+    #      "winbindd": "enforce"
+    #  }
+    def add_profiles(profiles)
+      return if profiles.nil?
+      profiles.each do |name, status|
+        log.info("Profile name: #{name} status: #{status}")
+        @prof[name] = Profile.new(name, status)
+      end
+    end
+
+    # Add all processesfrom the "profiles" section of the parsed JSON output of
+    # the aa-status command.
+    #
+    # Sample JSON:
+    #
+    # "processes": {
+    #     "/usr/sbin/nscd": [
+    #         {
+    #             "profile": "nscd",
+    #             "pid": "805",
+    #             "status": "enforce"
+    #         }
+    #     ],
+    #     "/usr/lib/colord": [
+    #         {
+    #             "profile": "/usr/lib/colord",
+    #             "pid": "1790",
+    #             "status": "enforce"
+    #         }
+    #     ]
+    # }
+    def add_processes(processes)
+      return if processes.nil?
+      processes.each do |executable_name, pidmap_list|
+        pidmap_list.each do |pidmap|
+          profile_name = pidmap["profile"] || executable_name
+          pid = pidmap["pid"]
+          if @prof.key?(profile_name)
+            msg = "Active process #{pid} #{executable_name}"
+            msg += " profile name #{profile_name}" if executable_name != 
profile_name
+            log.info(msg)
+            @prof[profile_name].addPid(pid)
+          else
+            log.warn("No profile #{profile_name}")
+          end
+        end
+      end
+    end
+
     # Returns the output of the given command
     #
     # @param args [Array<String>, Array<Array<String>>] the command to execute 
and

Reply via email to